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DETAILED ACTION 

1 . Claims 7, 9-1 2, 21 , 23-26, 30, and 34-38 are pending in this office action, claim 
38 is newly added. 

Rejections 

2. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

3. Claims 34 and 36 are rejected as being dependent upon a canceled claim, 
namely, claims 1 and 13. 

Claim Rejections - 35 USC § 103 

4. Claims 7. 9-12. 21. 23-26. 30. 35. and 37 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Sudia (U.S. Patent No. 5,659,616) inviewof Schneier et al. 
(U.S. Patent No. 5,956,404). 

Regarding claims 7. 21 . and 30 . Sudia teaches a digital signature verifying 
method/apparatus/computer program, comprising: 

• Accepting a message (fig. 9, ref. num 901/921 ); 

• Acquiring a log list of a digital signer (fig. 9A, users smart card and col. 18, lines 
8-22); and 
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• Checking whether log data of said digital-signature-attached message is 
registered in said log list (col. 18, lines 8-22), 

• And if the log data is registered in the log list, authenticating that the digital- 
signature-attached message was distributed by the digital signer (fig. .9, ref. num 
921). 

• Wherein said processor authenticates whether the digital signature included in 
said digital-signature-attached message has been generated for the message 
included in the digital-signature-attached message, using the digital signature 
and the message included in said digital-signature-attached message and a 
public key paired with a secret key of said digital signer (col. 1 1 , lines 12-41 ). 

Sudia does not specifically teach the accepting is of a digital-signature-attached 
message that is to be verified. 

Schneier et al. teaches accepting a digital-signature-attached message (col. 5, 
lines 35-41), wherein said digital-signature-attached message which may have been 
distributed by said digital signer is to be verified (col. 1 1 , lines 45-48). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine accepting a digital-signature-attached message, 
wherein said digital-signature-attached message may have been distributed by said 
digital signer is to be verified, as taught by Schneier et al. . with the method/apparatus/ 
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computer program of Sudia . It would have been obvious for such modifications 
because a digital-signature-attached message provides a strong audit trail; a strong 
audit trail provides an indisputable list of actions to verify all events that took place. 

Regarding claims 9 and 23 , the combination of Sudia in view of Schneier et al. 
teaches: 

• Wherein said digitai-signature-attached message further comprises data from a 
previously signed message (see coL 1 1 , lines 30-64 of Schneier et a!.), 

• Said method further comprising checking whether the digital signature included in 
the digital-signature-attached message has been generated for the message 
included in the digital-signature-attached message, using the digital signature, 
the data from a previously signed message, and the message included in said 
digital-signature-attached message and a public key paired with a secret key of 
said digital signer (see col. 11, lines 12-41 of Sudia). 

Regarding claims 10 and 24 , the combination of Sudia in view of Schneier et al. 
teaches said method further comprising checking whether data from a previously signed 
message included in said digital-signature-attached message is included in the log data 
registered immediately before log data of said digital-signature-attached message in 
said log list, and if the data from a previously signed message is included in the 
immediately previous registered log data, authenticating that said log list has not been 
altered (see col. 1 1 , lines 45-48 of Schneier et al.). 
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Regarding claims 1 1 and 25 . the combination of Sudia in view of Schneier et al. 
teaches: 

• Wherein said log data further comprises a distribution destination (see col. 6, 
lines 27-29 of Schneier et al.), 

• Said method further comprising acquiring a digital-signature-attached message 
from the distribution destination attached to the log data registered immediately 
before/after the log data of said digital-signature-attached message in said log list 
(see col. 1 1 , lines 30-42 of Schneier et al.), and 

• Checking whether the acquired message is included in said immediately 
previous/subsequent registered log data, and if the message Is included, 
authenticating that said log list has not been altered (see col. 1 1 , lines 44-50 of 
Schneier et al.). 

Regarding claims 12 and 26 , the combination of Sudia In view of Schneier et al. 
teaches: 

• Wherein said digital-signature-attached message further comprises a timestamp 
created using a second secret key (see col. 12, lines 41-48 of Schneier et al.), 

• Said method further comprising acquiring a digital signature and a time data by 
applying a public key paired with said second secret key to the timestamp 
included in said digital-signature-attached message (see col. 12, line 65 through 
col. 13, line 1 of Schneier et al.); and 
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• Checking whether date and time indicated by the acquired time data exceeds a 
date and time of signing of said digital-signature-attached message (see col. 12, 
lines 49-59 of Schneier et al.), 

• And if the date and time indicated by the time data does not exceed the date and 
time of signing of said digital-signature-attached message, authenticating the 
validity of the acquired digital signature (see col. 12, line 59-65 of Schneier et 
a!.). 

Regarding claims 35 and 37 . the combination of Sudia in view of Schneier et al. 
teaches wherein the digital-signature-attached message that is registered in the log list 
includes data based on a previously generated digital signature and on a previous 
message (see col. 6, line 65 through col. 7, line 15 of Schneier et al.). 

Claim 38 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schneier 
et al. (U.S. Patent No. 5,956,404), hereinafter referred to as '404, in view of Schneier et 
aL (U.S. Patent No. 5,978,475), hereinafter referred to as '475. 

Regarding claim 38 . '404 teaches a digital signing system, said system 
comprising: 

• A digital signing apparatus (col. 5, lines 7-34); 

• A timestamp issuing apparatus (col. 10, lines 30-37); and 

• A digital signature verifying apparatus (col. 12, lines 49-59), 
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• Said digital signing apparatus comprising a processor and a communication 
interface (col. 5, lines 22-28), wherein said processor applies a first secret key to 
a message or to its hash value to generate a digital signature (col. 5, lines 7-9), 
said processor transmits said digital signature to said timestamp issuing 
apparatus by said communication interface and acquires a timestamp in 
response (col. 10, lines 44-50), and said processor attaches the acquired 
timestamp to said message to create a digital-signature-attached message (col. 
12, lines 45-47 and fig. 3, ref. num 285), 

• Said timestamp issuing apparatus comprising a. processor and a communication 
interface (col. 5, lines 22-28), wherein said processor generates a timestamp by 
applying a second secret key to data which includes the digital signature sent by 
said digital signing apparatus, and a reception time of the digital signature (coL. 
10, lines 30-34), and said processor transmits said timestamp to said digital 
signing apparatus (col. 10, lines 34-37), and thereupon 

• Said processor checks whether data and time indicated by the time data exceeds 
expiration date and time assigned at said digital signing apparatus (coL 12, lines 
49-59), and when the date and time indicated by the time data does not exceed 
the expiration date and time, said processor authenticates the validity of the said 
digital signature (coL 12, lines 59-65). 

'404 does not teach accepting a digital-signature-attached message to be 
verified, acquiring a digital signature and time data, and authenticating whether said 
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digital signature has been generated for the message included in said digital-signature- 
attached message. 

'475 teaches said digital signature verifying apparatus comprising a processor 
interconnected with an input device (fig. IB, ref. num 110 to 180), wherein said input 
device accepts a digital-signature-attached message to be verified (col. 13, lines 15-33), 
and said processor acquires a digital signature and time data by applying a public key 
paired with the secret key of the timestamp apparatus to the timestamp included in said 
digital-signature-attached message (col. 15, lines 1-8), and thereupon said processor 
authenticates whether said digital signature included in said digital-signature-attached 
message has been generated for the message included in said digital-signature- 
attached message, using said digital signature, the message included in said digital- 
signature-attached message, and a public key paired with the secret key of the digital 
signing apparatus (col. 15, lines 1-8). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine accepting a digital-signature-attached message to be 
verified, acquiring a digital signature and time data, and authenticating whether said 
digital signature has been generated for the message included in said digital-signature- 
attached message, as taught by ;475, with the system of '404 . It would have been 
obvious for such modifications because the system provides a verifying machine a 
secure audit log for a trusted machine and an un-trusted machine. By using a public 
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key and a corresponding secret key, the audit log can only be viewed by its intended 
recipient. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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